Using the GET SQL method with the 'olimometer_id' parameter, we were able to get the database name from the EXAMPLE.COM website. By further running sqlmap with different arguments, we would be able to get the complete database, including usernames and passwords if any exist.
This is a proof-of-concept exploit for a local buffer overflow vulnerability in the PHP tidy_parse_string() and tidy_repair_string() functions. The vulnerability allows an attacker to execute arbitrary code on a vulnerable system. The exploit has been tested on Windows XP SP2 and works both from the command line and under Apache. More information about the vulnerability can be found at http://www.google.com/codesearch?hl=it&q=+tidy_parse_string&sa=N
Standard heap overflow exploit that overwrites the boundary tag for the next chunk. Hijacks the QWidget::setCaption() jump slot. Requires finding the specific address for the Qt multithreaded version being exploited.
A specially crafted web page can cause an integer underflow in Microsoft Edge. This causes CTextExtractor::GetBlockText to read data outside the bounds of a memory block. The root cause appears to be an integer underflow in a 32-bit variable used in CTextExtractor::GetBlockText as an index to read a WCHAR from a string buffer. This index is decremented once too often and becomes -1, or a very large positive number, depending on how it is used. This does not result in a crash on 32-bit systems, as the integer wrap causes the code to read one WCHAR before the start of the buffer, which is normally also in allocated memory. On 64-bit systems, the 32-bit -1 value is interpreted as 0xFFFFFFFF, a very large positive value. As this is an index into a WCHAR string, it gets multiplied by two and added to the start of the buffer to find the location of the WCHAR to read. This causes the out-of-bounds read to land around 8 GB beyond the address at which the buffer is allocated.
A persistent Cross-Site Scripting vulnerability was found in the Instagram Feed plugin. This issue allows an attacker to perform a wide variety of actions, such as stealing Administrators' session tokens or performing arbitrary actions on their behalf. In order to exploit this issue, the attacker has to lure or force a logged-on WordPress Administrator into opening a URL provided by the attacker.
This exploit allows an attacker to retrieve the hash values from a Solar Empire server. It takes advantage of a SQL injection vulnerability in the Solar Empire software version 2.9.1.1. The attacker can use the retrieved hash values for further attacks such as password cracking.
The FTPShell Client version 5.24 is vulnerable to a remote buffer overflow attack. By sending a specially crafted PWD command, an attacker can overflow the buffer and potentially execute arbitrary code on the target system.
The VHDMP driver in Windows allows a normal user to clone a physical disk, leading to information disclosure and elevation of privilege. By bypassing DACL checks on NTFS, the user can extract sensitive data such as the SAM hive.
This module exploits a SEH buffer overflow in the Easy Internet Sharing Proxy Socks Server 2.2.
This exploit allows an attacker to remotely execute code on a target system running MiniBB version 2.0.5. The vulnerability allows for arbitrary file inclusion, which can be used to read sensitive files or execute malicious code.